viewpasswordfix158.exe

The application viewpasswordfix158.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “ViewPassword”. This file is typically installed with the program ViewPassword by Revizer Technologies which is a potentially unwanted software program.
MD5:
23ba8602afa88a831e85e22d67625320

SHA-1:
0af6134475045d992413a3bf19e7debe03426b6e

SHA-256:
46b2896b73f4eb6ce385797c50a0385d632e929dcc9e2a4802d682f2ea6709d6

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 5:31:46 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Dropper-gen [Drp]
2014.9-140411

Baidu Antivirus
Adware.Win32.AddLyrics
4.0.3.14411

Qihoo 360 Security
Win32/Trojan.Multi.daf
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.4.11.19

File size:
138.5 KB (141,824 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\viewpassword-soft\viewpasswordfix158.exe

File PE Metadata
Compilation timestamp:
4/10/2014 2:57:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
3072:6Q+H1tTKVm2wDMhIQ1gr7U1wIDNQZZLc:6QE1UVmJwhIQOCPaZ

Entry address:
0xBCB9

Entry point:
E8, 09, 58, 00, 00, E9, 95, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 48, 1E, 42, 00, 00, 74, 05, E9, 66, 58, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7...
 
[+]

Code size:
83.5 KB (85,504 bytes)

Service
Display name:
ViewPassword

Type:
Win32OwnProcess


The file viewpasswordfix158.exe has been discovered within the following program.

ViewPassword  by Revizer Technologies
ViewPassword is an web browser advertisement injection extension that is designed with the core purpose of delivering ads to the user's web browser. Ads are in the form of banners (both static and videos) as well as context-hyper links.
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to t.mookie1.com  (208.71.121.1:80)

TCP (HTTP):
Connects to sjd-rb12-1a.sjc.dropbox.com  (108.160.166.57:80)

TCP (HTTP):
Connects to server-54-230-25-183.mxp4.r.cloudfront.net  (54.230.25.183:80)

TCP (HTTP SSL):
Connects to s3-1-w.amazonaws.com  (205.251.243.169:443)

TCP (HTTP):
Connects to retarget.xa.dc.openx.org  (173.241.240.7:80)

TCP (HTTP):
Connects to msnbot-65-52-108-52.search.msn.com  (65.52.108.52:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.bf1.yahoo.com  (98.139.225.43:80)

TCP (HTTP):
Connects to mil02s05-in-f13.1e100.net  (74.125.232.141:80)

TCP (HTTP):
Connects to mil01s16-in-f7.1e100.net  (173.194.35.7:80)

TCP (HTTP):
Connects to mil01s16-in-f6.1e100.net  (173.194.35.6:80)

TCP (HTTP):
Connects to mil01s16-in-f31.1e100.net  (173.194.35.31:80)

TCP (HTTP):
Connects to mil01s16-in-f3.1e100.net  (173.194.35.3:80)

TCP (HTTP):
Connects to mil01s16-in-f25.1e100.net  (173.194.35.25:80)

TCP (HTTP):
Connects to mil01s16-in-f2.1e100.net  (173.194.35.2:80)

TCP (HTTP):
Connects to mil01s16-in-f17.1e100.net  (173.194.35.17:80)

TCP (HTTP):
Connects to mil01s16-in-f13.1e100.net  (173.194.35.13:80)

TCP (HTTP):
Connects to mil01s16-in-f11.1e100.net  (173.194.35.11:80)

TCP (HTTP):
Connects to ip13.ch1sch01033aash.ntwk.msn.net  (65.52.108.3:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (198.7.59.26:80)

Remove viewpasswordfix158.exe - Powered by Reason Core Security